Security Engineer (Application Security)

About the Opportunity

Contentful strives to build a secure and safe service and commits considerable effort and resources to security. Our Security team supports corporate-wide information security management programs and collaborates closely with internal teams. We believe that Security must be anchored by DevOps principles with strong repeatable processes.

We are looking for a committed and driven Security Engineer with experience working in cloud-native product infrastructure and corporate environments. In this role, you will manage daily alerts and operations while leading broader collaborative initiatives, such as architecture design, threat modeling, and vulnerability identification, to drive meaningful security improvements. Candidates should be skilled in cloud-native technologies, with demonstrable proficiency in infrastructure-as-code and application development.

This hands-on role offers an opportunity to grow your expertise in cloud technologies and security tooling while making a meaningful impact by embedding security practices and supporting secure third-party integrations in a fast-paced software-as-a-service environment.

What to Expect

• Lead initiatives and partner with teams to embed practical security safeguards and champion a security-first mindset across the business.
• Lead security assessments and remediation for cloud-native applications, infrastructure, and vendor integrations to proactively identify and address risk.
• Support vulnerability management by identifying, tracking, and partnering with teams to drive remediation of security issues across product and corporate environments.
• Develop and maintain security solutions through custom development and effective tool management to enhance efficiency and operational effectiveness.
• Leverage industry standards to develop hardening requirements and monitoring mechanisms that enforce and strengthen the security of systems and environments.
• Advance the development, customization, and maintenance of hardening standards and monitoring mechanisms for systems and environments.
• Drive security and monitoring enhancements to containerized workloads and orchestration platforms.
• Participate actively in incident investigations through independent analysis, contributing to findings, root cause analysis, and remediation efforts.
• Collaborate in defining and monitoring evolving security compliance and regulatory requirements.
• Research and evaluate emerging threats, vulnerabilities, and security technologies to keep defenses up to date.

What You Need to Be Successful

• 4+ years of security engineering, DevSecOps, or equivalent experience.
• Hands-on expertise with AWS architecture, services, and security features.
• Proficiency in Python to build and maintain security tools.
• Familiarity with Kubernetes and container security, including configuration and runtime protection.
• Exposure to JavaScript and Go with the ability to perform security code reviews.
• Experience using Terraform to build, deploy, and maintain infrastructure as code.
• Strong foundational networking knowledge covering cloud networking concepts, the OSI model, TCP/IP, and routing fundamentals.
• Demonstrable ability to embed security considerations throughout the software development lifecycle.
• Hands-on involvement supporting vulnerability management and incident response functions.
• Familiarity with authentication and authorization protocols and mechanisms (OAuth, SAML, JWT, IAM)
• Experience identifying and mitigating OWASP Top 10 vulnerabilities in web applications and APIs.
• Clear and effective communication skills.
• Ability to articulate security risks and tradeoffs to both technical and semi-technical audiences.
• A proactive, growth-oriented mindset focused on continuous learning, innovation, and raising security standards.
• Passionate about designing and performing hands-on implementation work.
• Ability to work in a fast-paced environment, often juggling multiple projects.

This role will need to be conducted in a state in which we are currently registered to do business. In addition, this position is not eligible for visa sponsorship. Applicants must be authorized to work without the need for visa sponsorship by the start date of employment.